BianLian Takes Responsibility for Two Health Data Breaches

Cybercriminal organization BianLian has claimed responsibility for data breaches affecting an Alabama ophthalmology practice and a dental clinic in California, with nearly 150,000 individuals compromised. These incidents exemplify an ongoing trend in healthcare sector targeted attacks.

The Alabama Ophthalmology Associates reported a breach to the U.S. Department of Health and Human Services (HHS) on April 8, identifying it as a hacking incident that accessed a network server and desktop computer, impacting around 132,000 individuals. Following the breach, Alabama Ophthalmology is now facing at least one proposed federal class action lawsuit related to the incident.

In the second breach involving Sonrisas Dental Health, based in San Mateo, California, the clinic notified HHS’ Office for Civil Rights on May 2. Here, the data compromise has affected nearly 16,000 individuals as a result of unauthorized access to its systems.

Both breaches were indicated on BianLian’s dark web leak site, underscoring the alarming frequency with which this gang targets healthcare entities. The tactics employed suggest initial access techniques, potentially leveraging phishing or exploitation of vulnerabilities in systems as identified in the MITRE ATT&CK Matrix.

Alabama Ophthalmology Associates revealed details in their breach notice, affirming that the impact concerned both current and former patients. The practice first noted irregularities in network activity on January 30, leading them to secure their systems and engage a specialized digital forensic firm to conduct an investigation. The analysis suggested that an unauthorized actor retrieved sensitive information between January 22 and January 30, with potentially compromised data including names, Social Security numbers, dates of birth, and medical history.

Similarly, the incident involving Sonrisas Dental Health began with an unusual activity alert on March 4. Following that detection, swift measures were undertaken to secure their digital infrastructure and conduct an inquiry. The breach notification indicated that some files may have been compromised, including names, Social Security numbers, and even dental imaging data. Notably, Sonrisas reported no evidence of misuse of the compromised information as of the latest update.

The tactics employed by BianLian are part of a broader pattern observed among ransomware groups. According to government advisories, including alerts from the FBI and Cybersecurity Infrastructure and Security Agency, BianLian’s approach has shifted from dual-extortion strategies to a focus on data theft, potentially complicating attribution of their attacks. This methodology highlights their persistence and adaptability within the cybercriminal landscape.

In conclusion, both Alabama Ophthalmology Associates and Sonrisas Dental Health underscore the vulnerabilities present in healthcare organizations that make them appealing targets for cybercriminals. As BianLian continues to evolve its tactics, businesses in the sector must remain vigilant and enhance their security measures to defend against these evolving threats.